feat: support to start compose mock proxy servers#670

LinuxSuRen · 2025-04-22T14:36:50Z

We highly recommend you read the contributor's documentation before starting the review process especially since this is your first contribution to this project.

It was updated on 2024/5/27

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

sonarqubecloud · 2025-04-22T14:37:36Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

pkg/mock/in_memory.go

+    h.metrics.RecordRequest(req.URL.Path)
+    memLogger.Info("receiving mock request", "name", h.item.Name, "method", req.Method, "path", req.URL.Path,
+        "encoder", h.item.Response.Encoder)
+


To fix the issue, we need to ensure that any user-controlled data written to the HTTP response is properly sanitized or escaped to prevent XSS vulnerabilities. Specifically:

Use the html.EscapeString function from the html package to escape any user-controlled data before writing it to the response.

Apply this escaping to the h.item.Response.BodyData before it is passed to the writeResponse function.

The changes will be made in the handle method of the advanceHandler struct, ensuring that the h.item.Response.BodyData is sanitized before being written to the response.

codacy-production · 2025-04-22T14:38:49Z

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.15% (target: -1.00%)	❌ 64.80% (target: 80.00%)

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (`109c5d9`)	19393	7928	40.88%
Head commit (`ebe03a0`)	19745 (+352)	8101 (+173)	41.03% (+0.15%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#670)	446	289	64.80%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings Change summary preferences

github-actions · 2025-04-22T14:39:21Z

There are 1 test cases, failed count 0:

Name	Average	Max	Min	Count	Error
	11.565264ms	12.162417ms	11.192117ms	3	0

Reported by api-testing.

LinuxSuRen and others added 2 commits April 22, 2025 16:59

feat: support to start compose mock proxy servers

cdd35d9

add comments

ebe03a0

LinuxSuRen added the enhancement New feature or request label Apr 22, 2025

LinuxSuRen requested a review from yuluo-yx as a code owner April 22, 2025 14:36

github-advanced-security bot found potential problems Apr 22, 2025

View reviewed changes

LinuxSuRen merged commit 5543dbf into master Apr 23, 2025
21 of 22 checks passed

LinuxSuRen deleted the feat/mock-compose branch April 23, 2025 05:44

@@ -26,2 +26,3 @@
                 "net/http"
+                "html"
                 "strings"
@@ -392,3 +393,5 @@
-                writeResponse(w, h.item.Response.BodyData, err)
+                // Escape user-controlled data to prevent XSS
+                escapedBodyData := []byte(html.EscapeString(string(h.item.Response.BodyData)))
+                writeResponse(w, escapedBodyData, err)
             }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: support to start compose mock proxy servers#670